[squid-users] Is ntlm_fake_auth known to work?

Amos Jeffries squid3 at treenet.co.nz
Thu Nov 5 14:32:50 UTC 2015


On 5/11/2015 10:39 p.m., Edouard Gaulué wrote:
> Le 05/11/2015 04:18, Amos Jeffries a écrit :
>>
>> Depends on what Squid version you are using. It was broken for a few
>> years. We fixed that issue a few months back and it was apparently
>> working now. that Good news is you can grab the latest Squid code (v4 or
>> 3.5), build it and use the helper generated on older Squid installations
>> if you need to use old Squid for some reason.
>>
>> It also depends on what software you are trying to authenticate. NTLM
>> was deprecated in 2006 by MS and they started disabling it by default in
>> software since 2006, and fully removed it from some products around 2010
>> sometime.
>>
>> It also depends what security level you have your NTLM set to. Use with
>> NLMv2-only clients may vary. It will definitely not work with NTLMv2
>> with security extensions.
>>
> 
> Well maybe I'm doing something wrong. My current production version
> 3.4.8 with ntlm_auth (debian) using squid-2.5-ntlmssp worked nicely. But
> as I don't really need authentication, just the username I wanted to get
> rid of the samba stuff. I've compiled 3.5.10 (debian) and tried
> ntlm_fake_auth and I keep getting the user/password screen on the browser.
> 
> I know NTLM really depends on client, but I hoped what have worked with
> ntlm_auth would have worked with ntlm_fake_auth.
> 
> Any clue?

The Samba helper can and does do NTLMv2 etc that the fake one cannot. If
those are required by the client, then it wont work no matter what you
do in Squid.

Other than that sorry. The changes I was thinking of were early in 3.5
series.

Amos



More information about the squid-users mailing list